Trellix Endpoint Security Reviews

We are using McAfee Endpoint Security for network security.

There is a new feature where you can set thresholds for all the CPU consumption allowing for no consumption on the servers when the scans happen. It is a separate plugin or addon, and if we have it on all the virtual machines it automatically checks the resources, and based on that, it will schedule the scans. That is something that I have not seen in other antivirus solutions, such as Symantec.

The user interface could be improved by making it more user-friendly. There are multiple solutions and there is no clear line differentiating all of them. There is a centralized console where we manage everything but most of the administrators feel a little confused when it comes to managing multiple products from a single place.

In a future release, McAfee could improve by having a fewer resource-consuming agents. When you bundle up all the solutions with an agent, it becomes heavy for the endpoint to handle. This is one drawback that they should improve because some of their competitors, such as Trend Micro and Symantec both have low-consumption agents available.

McAfee has multiple solutions that can be combined together into a single product. There is no need to have this many solutions.

I have been using McAfee Endpoint Security for approximately 10 years.

McAfee Endpoint Security is stable. However, the way we implement it can impact stability sometimes. The stability can fluctuate because of the configuration that we have, or the different types of policy that we have on the endpoints. The configurations can be tweaked and tuned to make it becomes stable again.

The solution is scalable. We have approximately 80,000 endpoints on a single console. If we wanted to increase the number of endpoints it can scale higher.

The support from McAfee is far better than other vendors, such as Trend Micro and Symantec.

I have previously used Symantec and Trend Micro.

The initial setup for an experienced administrator should be easy. The setup can also be easy if you follow the very detailed guide which they call the KB guide that they provide. You can receive good support from the professional services team from McAfee. That is how many organizations usually do the initial setup.

I would advise others that are wanting to implement McAfee Endpoint Security to initially use help from the professional service team at McAfee, it will help a lot by making sure they do all the scalability and enviroment requirements. Additionally, they can ask questions based on their expectation and receive suggestions and answers. As an alternative, if you have an experienced person who is well-versed with implementations then I would use them, if not, I would always recommend using the professional service team at McAfee.

I rate McAfee Endpoint Security a seven out of ten.

Our use case is pretty straightforward. We have the central ePO that's running, and clients connect to it. All the clients connect to the ePO for updates and the ePO is able to go out and get updates, so it's pretty much like a star topology where you have the ePO sitting at the middle and handling all the requests from the clients and the servers.

We really like the dashboard from Trellix and we've found that it's pretty informative. Also, the reporting is pretty much immediate, so if there's any activity on the network, you're able to get notifications immediately. That's something that we really like about this product.

The solution consumes a lot of end user memory and CPU, so you need to have a computer that has a lot of resources for you to properly run Trellix. The agent ends up using a lot of resources, either RAM or CPU, and at times that bogs down users. I don't know if it's possible to have a lighter version of the agent, but if the agent was lighter it wouldn't consume so many resources, which would be good.

It's a bit complex. It's very granular and you need to really, really know the ins and outs of configuration. If you are specifically configuring an XML against ransomware, some very special setup, it can end up being a bit technical. You wouldn't want to make any mistakes while doing your configuration. A single configuration can make you lose whatever you wanted to do.

The other thing is if the engine would also focus more on malware, sort of an anti-malware. Trellix doesn't really focus so much on the anti-malware side, but there are other better performing antivirus or endpoint products that have better engines or they have a higher detection rate compared to what Trellix is currently providing.

I have been working with this solution for about three years.

If you've given the solution the resources that it needs, it's pretty much stable and it's able to continuously run uninterrupted. I've never seen any down times, so I'd say it's pretty much stable and it's built well.

As far as scalability, I think the solution is able to handle quite a bit. We have around three admins who interact with the product. Then we have the rest of the organization who interface with it, which is around 300 to 500 employees.

The tech support was pretty responsive and I believe all my questions were answered within the stated timeline. I can't remember what my questions were about, but I spoke with the technical team and got the help that I deserved. I would rate the support as a five out of five.

Positive

From a technical side, it's not so complicated. Of course, you need to set up your server correctly, and then deploying it to the agent is pretty simple. The setup on the server is the one that is a bit technical. You can't have a default deployment, so once you do your deployment you need to set up rules that work within your environment to be able to safeguard it against suspect files or potentially unwanted programs. You need to know exactly what to do, and that's the point that may not be very friendly to admin, because they might not know all of the threats that are out there. You can't really foresee a threat that you don't know about, or rather you don't know if you'd block it or not. The initial setup is pretty much straightforward if you're an IT person, but the configuration side has a learning curve. It takes quite some bit of time to really know exactly what you're doing.

We handled implementation in-house because when we got the licensing, we also got training modules from Trellix. Trellix has KB articles, which are pretty much straightforward and really helped quite a bit. I'd say it took about four hours to deploy from the time we started with a clean machine to the time that we started pulling updates and deploying to client machines.

On a scale of one to five, I'd give the setup a four, because the product pretty much does what it says it does, but it's not perfect. If you're an IT person, you'll be able to deploy it, and sending the Agent file to clients is pretty much a no-brainer.

The maintenance bit is okay as well. There's not a high amount of maintenance because you can automate many activities. You just need to make sure that your server is able to pick up the updates that are necessary, and make sure the databases are running okay. It's nothing new if you're in the IT environment, just making sure everything is running properly. I've never landed on an update that broke the application.

I believe for organizations that are looking for what Trellix is offering right now, there is a definite return on investment.

I think Trellix is more on the higher side of the market, just on a general scale, but I also think it depends on what particular package you choose. Different packages have different rates. I would give the pricing a three out of five. It depends on your usage because if the product works for you, then you might say the price is right. At one point it worked for us, but we have shifted our goals.

We currently considering switching from Trellix to Bitdefender mainly because Trellix isn't really focused on malware, and right now most threats are coming from within the organization as malware. Malware is something that can stop business continuity, so that's one of our main areas of focus, and Trellix is not doing really well within that perspective.

I would recommend Trellix to someone as long as they know exactly what they're looking for within the organization. For instance, Trellix is very granular, so if you have a dedicated security department that can customize policies and XML documents at a very fine level and specifically work on this product, then I would say, go for it. The solution is going to serve them well, because what it does, it does really well. You're able to experience possibly what's among the best products in the market. I would recommend it as long as the people know exactly what they're getting into and they're ready to handle the challenge.

On a scale of one to ten, I would give Trellix an eight.

It covers the AV and malware security piece.

It's mainly for compliance. In terms of products in the market, it's probably not the best, but it's the one that is already paid for under the corporate buy. It basically checks the box that we're doing malware threat prevention and antivirus protection.

It can be deployed quickly, and it's scalable. Those are the two advantages of it.

Trying to move away from the signature model for antivirus and malware blocking is something that would be nice. Instead of having to update every day, which is signature-based, moving to more of a kernel or architecture-based model would probably be beneficial.

It has probably been about a year since we rolled it out.

There are no issues. They continue to put out updates weekly or daily. The platform seems to be fairly mature.

It's definitely scalable.

Their tech support is average.

It's pretty straightforward. It can be automated from the central ePolicy orchestrator server. So, the installation is fairly easy because you can automate it with the deployment of your virtual machines and things like that.

I would rate it a three out of five in terms of cost.

I would rate it a seven out of ten. That's mainly because it seems like there are additional security features that could be built into it, or from the signature-based model, it could move to a different model.

We provide services. We mainly use this solution for endpoint security and protection. We have cloud, hybrid, and on-premises deployments.

A big advantage of McAfee Endpoint Security is the ability to manage very big environments. We are supporting environments with 200,000 to 300,000 endpoints. The ability to manage with one single console is very important for us.

McAfee has phenomenally improved in terms of detection. It provides real-time detection and response with the error, Real Protect, and reputations. It is not only based on signatures but also on behavior analytics, artificial intelligence, or machine learning. We have environments that never had issues with ransomware in the last 20 years. McAfee has a very good performance in this field.

The management console is a little bit difficult to understand for admins. You need a lot of time in order to become familiar with that. It is a little bit complicated and not too easy to understand. 

Its price can also be improved. Its price is higher than its competitors.

McAfee also needs to have better cloud integration and more data centers in the EU. The cloud center should be in Europe or in Germany. In Germany, it is really important to have access to your data within the same country. Customer data needs to be placed and processed in the same country.

I have been using this solution for 20 years. 

McAfee is very big. You can implement it in a very small environment but also in a very big environment. You don't have limits or limitations.

Technical support could be better. The first level of technical support has to support about 30 or 40 products, which is an impossible number to support. Therefore, their support teams at the first level needs the support of product specialists. You, in any case, get a professional product specialist at the second level, some times at the first level.

For the initial setup, McAfee always requires some kind of consulting, which is good for us as a provider. A customer cannot do an installation without help. It is not too easy for a customer, but it is fine for consultants.

Its price is very high. It is higher than its competitors, and it should be less.

You would be very happy with McAfee if you have the know-how of this solution and you have somebody who is an expert at this solution. McAfee is not too easy to understand, but when you understand the solution, you could be very happy with it.

I would rate McAfee Endpoint Security a nine out of ten.

Our primary use case is for endpoint protection, to block malware and viruses.

We like the web control and firewall.

I have been using McAfee for twenty years. 

It's very stable.

Scalability also works nicely. It's easier to scale it out on thousands of machines.

We only require two staff members for maintenance. There around 16,000 users. 

They have two different kinds of support. One is enterprise support and one is normal support. They charge more for enterprise support and when we raise tickets we get a good response but with the normal support, their response is not quick. They don't give much preference to normal support. It can take three, four days, or even a week to get a reply from them.

Being in the IT industry, we have come across different products, McAfee and Defender plus Symantec, and Trend Micro. For my needs, I like McAfee the most. Symantec might be equivalent but I like McAfee the most.

There are good web, application, and firewall control features. It would be helpful if the controlling of connections coming to the PC could be done from McAfee's side so that we can block those connections. 

It's a good product. I would recommend it. 

I would rate it a nine out of ten. It's easy to use and it's very powerful. It offers nice endpoint protection.

We use this product for our endpoint security.

The most valuable features are:  

- reporting facility using the ePO console for conformity and threat identification  

- using the advanced threat protection (ATP) 

- MNE module for customising and securing Windows Bitlocker.

We know that McAfee isn't the best antivirus and it can't protect us 100%, although we are okay with the level of protection that it gives us. I don't think that the problem lies in the antivirus, but rather, it's the user. Users are not happy with the antivirus and they try to solve the issue on their own, and that causes very big problems.

The is an incompatibility problem between Mcafee and Linux subsystem for Windows, another that has to do with Outlook and scripts. McAfee knows that, but the problem can't be solved at this time so we try to minimize the effect.

We have been using McAfee Endpoint Security for ten years.

In terms of stability, we haven't had many problems.

We use that solution for more that 10k station and servers, and we have space to grow...

The support that we get from McAfee is excellent.

We tried Bitdefender, F-Secure, and many other products before settling on McAfee. When our central agency switched to McAfee, we all adopted it.

The price of this product is good.

One of our subsidiaries has tried to switch products, although I don't know the reason why. Ultimately, the project was aborted.

My advice for anybody who is looking at McAfee Endpoint Security is simply to use it.

I would rate this solution an eight out of ten.

This product is mainly used for detecting viruses and malware on the laptops and also to scan older, existing files.  

The ability to check a wide range of vulnerabilities and devices is a very valuable feature in this product. This is not really a user interface or manually driven product. VirusScan gives an alert to the user that a scan should be performed on their device and the user has to click it to initiate the scan. Then McAfee scans the device and it gives a report saying that it has run a scan of the system and now everything is fine. It runs for the user rather than manual scanning.  

We are using it so the company is providing better security coverage end-to-end. I am not sure how to improve on that because it already achieves that goal and updates constantly.  

One thing I think it should do is alert administration if some attack is happening in local systems. I am not seeing that kind of alert. When users run a scan on their own system and nothing is found, that is fine. But ideally, VirusScan also has to send a notification of the source of an attack if one is detected.  

For example, if the threat came from opening an email attachment, an alert could be broadcast to warn other users on the system not to open the same attachment and McAfee could do that automatically. Something like that. Or at least it should make a report or alert for the administrator so that they can take the proper action.  

For the last six to eight years we have been using McAfee VirusScan Enterprise.  

The stability of the solution is fine, actually, and we are satisfied. It does not have a problem working with the 10,000+ users in our organization. It checks and updates everything every day and the stability is there.  

The scalability with McAfee is good. We currently have about 10,000 laptops which we are using it to secure. It is globally distributed and everybody uses the data scanning to ensure data security is a high priority.  

The people are using it with roles that range from the top to the bottom of the corporation. It is mandatory to use McAfee to ensure that we are in compliance with security regulations as well as preventing data loss on our local systems.  

We have plans to increase the usage of this product as the employee base and the number of devices increases.  

I did not have a chance to interact with the technical support team at McAfee because our local internal IT takes care of everything when it comes to the maintenance. Some issues that we have occur because the product is not upgrading locally for whatever reason. Our IT people will handle that type of minor support issue for us.  

As far as I know, before this company used McAfee VirusScan as a solution for these past six to seven years, there was not another endpoint security protection product in place.   

The initial setup is straightforward for the administration. The end-user should not have to do anything. There is an automatic trigger and it scans devices on the network along with their files and automatically generates a report. That is all there is to it. It is updated through the central station which tracks the upgrades and the devices that it scans.  

The implementation is kind of done in incremental steps because it is a cloud solution. It is just being pushed from the system to the central location. The agent runs on every laptop and we either manually click it when it issues a notice that it is time to scan the device, or it triggers by itself. It automatically runs these processes without intervention.  

As always, the cost of the licenses has to be paid and it will be per user per year. But the cost is minimal because we have taken a sort of deal with McAfee for a site license.  

I recommend McAfee VirusScan to everyone in an enterprise environment. Part of the reason is that nowadays everyone is working from home. Their systems and devices have to be secure when they are connecting externally to the internal network with whatever device they are using. They should have at least one security solution in their system so that they can avoid vulnerabilities that they may encounter outside of the secure internal network. VirusScan ensures that is happening.  

On a scale from one to ten where one is the worst and ten is the best, I would rate McAfee VirusScan Enterprise as a nine-out-of-ten. It is a very good solution and gives good blanket protection.  

We are using the latest version at the moment because I'm managed by the MVISION tenants.

In the past, many people had issues with the utilization of detections and resources. ENS is actually very good for detection. When properly configured, especially when the prevention feature is activated, it integrates very well with the ATP, in respect of the endpoint. ATP offers very good protection and is a rich solution which helps to remove ransomware. I've been using the product for a while now and been able to secure a lot of environmental ransomware attacks, as well as some others, by integrating the ATP with the ENS. 

It is of primary importance that the solution does not cripple my system. When an endpoint is sitting on one's computer a struggle ensues involving resources, since the endpoint is actually scanning. At present, it either does not do so or is not noticeable. The detection rate is very high and one can be certain that he is not getting false positives, since he can see if the policy is properly configured. 

The detection is great and the solution is constantly improving. 

It would be nice if the solution were to allow not just on-cloud management, but on-premises, as well. 

I have been using McAfee Endpoint Security for a couple of years. I started with Virus Scan and moved to MVISION when it was introduced. I used ENS when it was made available. While I cannot remember for certain, I believe I have been using the solution since 2015 or 2016. I still use it. 

The solution is very stable. Proper configuration means that we have not had issues with the stability. When all is said and done, the landscape is shifting towards one involving EDR, which is necessary for one to feel he has complete endpoint protection. 

The solution is scalable. 

While there is a need to utilize technical support, I feel it to be fair. Overall, support will point one in a certain, or appropriate, direction, although they will occasionally ask that the person solve the problem on his own. The process may take longer if the issue involves the product. Proper escalation can shorten the resolution process. While I have occasionally had to solve the problem by myself, more often than not the support is very helpful and reliable, especially of late. 

The deployment is simple and very straightforward, including when one wishes to deploy in the cloud.

Deployment can be handled on one's own. Most deployments are the same. When deploying in the cloud, there is only a need to click several times on the link that is sent. There's nothing to it. Anybody can actually do the installation. It's very straightforward.

We are distributors although, as an engineer, I handle everything, including integration. 

McAfee's prices are flexible and can be quite competitive, although there are other solutions that are even more so. Most end-users don't focus on which solution is better, but on which one is most cost-effective. 

Our customers must pay for the licensing involved in using the solution, which they do so annually. Yet, the majority of our customers deploy the solution on-premises, which means their licenses are perpetual. There is still a need to pay for support, however, and this must be renewed annually. 

The solution does a fine job of integration. 

It is deployed in the cloud. 

My organization is very big. Like I said, we're systems integrators. As we are a distribution company, I am in a position to speak from a technical point of view. I've actually seen environments that reach 16,000. I did the deployment for a bank in Ghana, which is under the management of the Pan-African Bank and is responsible for management throughout all of Africa, save for Nigeria. This involved around 15,000 nodes. There is another bank in Nigeria with between 4,000 to 6,000 nodes and still others with around 12,000. 

I would definitely recommend this solution to other users. Leaving aside the fact that I sell this solution, when it comes to endpoint security solutions the world over, McAfee is one of the best, if not the best.